IT Security News Blast 5-2-2017

The downtown Bremerton office serves as the operations center for Critical Informatics, a tech firm that provides managed cybersecurity services to mid-sized businesses and government agencies. The job of the analysts in Bremerton is to detect network intrusions as early as possible, helping clients respond rapidly to incidents of cyber crime. “This is our mission control,” company founder Michael Hamilton said on a tour of the freshly renovated offices last week.

Financial services organizations cut the intermediary step between cybercriminals and the funds they seek. Hackers can obtain troves of data in attacks on healthcare organizations, but they have to take additional steps to monetize that information and open fraudulent accounts. However, money is more easily accessible if you can get malware onto bank systems, he explains. Threat actors can access usernames and passwords, withdraw money, and create fake debit cards, among other illicit activities.

“The bad guys made a lot of money last year,” said Kevin Haley, director of Symantec Security Response. “They keep getting better and more efficient at what they do; they managed to fool us in new and different ways.” Some of the damage done last year:

Data breaches that exposed 1.1 billion identities, up from 564 million in 2015

More ransomware attacks with higher extortion demands

Some of the biggest distributed denial of service (DDoS) attacks on record, causing “unprecedented levels of disruption” to internet traffic.

The stakes are high for SMBs because the impact from a security breach can be far more detrimental to the survival of a smaller company than a larger one. “A large enterprise has a number of backstops and usually has a response ready when it happens. But a small organization … the initial infection can probably lead to something more serious and greater,” says Stephen Cobb, ESET senior security researcher, noting that a security breach potentially could put an SMB out of business.

The legislation, released on Monday, allots $1.8 billion to the National Protection and Programs Directorate at the DHS, a $183 million increase over fiscal year 2016 levels. A large portion of the funding is specifically designated for the DHS’s cybersecurity efforts. The organization would get $1.4 billion to secure civilian government networks, detect and stop cyberattacks and foreign espionage activities, and modernize and bolster emergency communication networks.

Security company Endera explained that employers want to know if an employee is on a criminal watchlist, is booked or arrested, loses a key certificate, is in financial distress or is involved in a lawsuit. An employee roster is loaded into the continuous monitoring system, and that system provides 24/7 scanning of thousands of external data sources. The employer receives real-time, secure alerts for further investigation.

The car in question, a £60,000 BMW X5, seemed to have disappeared from the driveway while its owners slept. CCTV footage revealed that two thieves stole it using a transmitting device, apparently hidden inside a bag, which relayed the signal from the car keys inside the house. This model uses a keyless start system, meaning the car can be unlocked only when the fob is relatively close, or, in this case, when its signal is relayed so that the car assumes the keys are with you.

In late March 2017, I was invited to submit for the record my views on “the Promises and Perils of Emerging Technologies for Cybersecurity” before the Senate Committee on Commerce, Science, and Transportation. […] The hearing was intended to explore the impact of emerging technologies, including artificial intelligence, the internet of things, blockchain, and quantum computing, on the future of cybersecurity and to launch a discussion about how such technologies create new cyber vulnerabilities but also innovative opportunities to combat cyber threats more effectively.

The US Court of Appeals for the District of Columbia Circuit denied the broadband industry’s petition for a rehearing of a case that upheld net neutrality rules last year. A three-judge panel ruled 2-1 in favor of the FCC in June 2016, but ISPs wanted an en banc review in front of all of the court’s judges. The request for an en banc review was denied in the order issued today. ISPs could still appeal to the Supreme Court, but the net neutrality rules are likely to be eliminated by the FCC’s current leadership. FCC Chairman Ajit Pai, a Republican, opposed the rules when they were implemented by his predecessor, Democrat Tom Wheeler.

The New York cyber regulation, which went into effect on March 1st, sets forth a series of requirements, many of which must be implemented by the end of August. The requirements range from designating a chief information security officer to mandatory board reports and yearly compliance certifications. Institutions covered by the regulation include banks and insurers that operate in the state as well as branches of foreign and out-of-state banks. We have reported extensively on the regulation.

“When determining whether a cyber incident constitutes an armed attack, the U.S. Government considers a number of factors including the nature and extent of injury or death to persons and the destruction of, or damage to, property. Besides effects, other factors may also be relevant to a determination, including the context of the event, the identity of the actor perpetrating the action, the target and its location, and the intent of the actor, among other factors.” See Military Cyber Operations, hearing of the House Armed Services Committee, June 22, 2016.

“It’s very inexpensive. It’s very efficient,” said John Hultquist, a cyber espionage analyst who’s studied the growth of hacking among smaller nations for iSight Partners, a division of FireEye, a Milpitas, California, cybersecurity firm. Hultquist said his firm was tracking several new players, which he declined to identify – “I’d get in trouble for naming them” – that had no prior experience in cyber espionage. “These would be smaller developing countries that would appear to be building out their own capability,” Hultquist said. “It’s not just the Chinese anymore or the North Koreans. Some of them are quite good.”

A man killed his wife and tried to have someone else convicted of his crime. However, the whole case was solved through the victim’s Fitbit timeline. According to reports, the murder took place on 23rd December 2015 at around 10 a.m. The victim, Connie Dabate, was a married woman and mother of two children, and, as the evidence revealed, the killer was none other than her husband, Richard Dabate.

IBM issued a support advisory last week warning users that some USB flash drives containing the company’s Storwize initialization tool include a file infected with malicious code. The affected tool is found on the USB flash drive with part number 01AC585, and was shipped with the Storwize V3500, V3700, and V5000 Gen 1 systems. (More specifically: 2071 models 02A and 10A for V3500; 2072 models 12C, 24C and 2DC for V3700; and 2077 models 12C and 24C and 2078 models 12C and 24C for V5000.)

While the private sector has internalized protections and is held accountable by normal market mechanisms for its own cybersecurity, it cannot be expected to safeguard against attacks carried out by the Federal Security Service (FSB) of the Russian Federation, for example, Rosenbach opined. “That’s the role of government—to protect the private sector from nation-state actors, no matter what the domain,” he stated. Such protection should be just as important to the government as it is to businesses, Rosenbach continued: “Our tech sector is like the last great center of gravity for the American economy.”

Intel patches remote code-execution bug that lurked in chips for 10 years

Remote management features that have shipped with Intel processors for almost a decade contain a critical flaw that gives attackers full control over the computers that run on vulnerable networks. That’s according to an advisory published Monday afternoon by Intel. […] The flaw affects Intel manageability firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel’s Active Management Technology, Small Business Technology, and Standard Manageability platforms. Versions before 6 or after 11.6 are not impacted.

A paranoid Welsh Muslim who wore gloves while typing on his laptop, admitted being part of Islamic State, and, gasp, harbored a copy of Linux Mint, has been described as a “new and dangerous breed of terrorist.” Samata Ullah, 34, who also used voice modulation software to disguise his thick Welsh accent while making instructional videos about encryption, pleaded guilty to five terrorism charges at Cardiff Crown Court. He was due to be sentenced Friday afternoon.

“To be deadly serious about cybersecurity requires that—either—we damp down the rate of change, slowing it enough to give prediction operational validity—or—we purposely increase unpredictability so that the opposition’s targeting exercise grows too hard for them to do,” Geer said. “In the former, we give up many and various sorts of progress. In the latter, we give up many and various sorts of freedom as it would be the machines then in charge, not us. Either way, the conjoining is irreversible.”

According to recent news, The Dark Over Lord had seemingly infiltrated the studio of Netflix from where he acquired access to one of Netflix’s most famous and watched shows – Orange Is the New Black. The Dark Over Lord got hold of the show’s latest season – season 5 – and demanded Netflix pay an undisclosed amount of ransom. The hacker threatened Netflix that if it does not give in to his demands, he would release the entire season publicly.

Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers. Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed.


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.